Details

    • Type: Technical task
    • Status: Accepted
    • Priority: TBD
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels: None
    • Complexity: Undetermined

      Description

      The phone number field for patient contact info is vulnerable to XSS when editing an existing patient's contact info.
      Further, that field should validate for phone numbers, as now it allows for arbitrary characters.
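
      An added example, not code from the project this ticket belongs to, showing the two controls the description calls for: allowlist validation when the phone number is saved, and attribute encoding when the edit form renders a stored value. The function names, the `phoneNumber` field name and the accepted phone format are assumptions.

```javascript
// Added illustration; function names, the field name and the accepted
// phone format are assumptions, not taken from the ticket's code base.

// Allowlist: optional "+", then digits with spaces, dots, hyphens, parentheses.
const PHONE_RE = /^\+?[0-9(][0-9 ().-]{5,18}[0-9]$/;

// Input side: reject anything that is not phone-shaped before it is stored.
function validatePhone(input) {
  if (typeof input !== 'string') return { ok: false, reason: 'not a string' };
  const value = input.trim();
  if (!PHONE_RE.test(value)) return { ok: false, reason: 'disallowed characters or length' };
  const digits = value.replace(/\D/g, '').length;
  if (digits < 7 || digits > 15) return { ok: false, reason: 'digit count out of range' };
  return { ok: true, value };
}

// Output side: encode for an HTML attribute context. Still required after
// validation is added, because records saved earlier may already hold markup.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Renders the edit form's phone input from a stored value.
function renderPhoneInput(storedValue) {
  return `<input type="tel" name="phoneNumber" value="${escapeAttr(storedValue)}">`;
}

// Constructed sample values (not from the ticket).
const samples = ['+256 772 123456', '(555) 123-4567', '555"><b>not a phone</b>'];
for (const s of samples) {
  console.log(JSON.stringify(s), validatePhone(s).ok, renderPhoneInput(s));
}
```

      Validation alone does not cover values stored before the fix, which is why the render path encodes regardless of what the validator would accept.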

        Attachments

        1. cross-site-scripting.png (62 kB)
        2. execution-at-page-load.png (53 kB)
        3. XSS-confirm.png (65 kB)

              People

              • Assignee: dkayiwa Daniel Kayiwa
              • Reporter: agyori Alex Gyori [X] (Inactive)